Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Re: Why Install Telnet by Default?
  • From: John Summerfield <suse@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 09 Dec 2005 01:02:48 +0800
  • Message-id: <43986738.8030207@xxxxxxxxxxxxxxxxxxxxxx>
Randall R Schulz wrote:
> Allen,
>
> On Thursday 08 December 2005 08:37, Allen wrote:
>> Telnet is only insecure because it sends usernames and passwords in
>> the clear and that's a bad idea over the internet because it can be
>> snooped. However, on a LAN where you want to tinker, this is fine.
>
> It's also not secure in that it sends _all_ the data, inbound and
> outbound, unencrypted.
>
Just like postfix, sendmail, exim, qmail, zmailer and every other MTA.

More people send more confidential data by unencrypted email than they
do by telnet, and I don't recall anyone saying "don't use email."

Yeah, sometimes someone emntions it'sinsecure, usually they don't say
why, but as soon as someone mentions telnet, they say, Ooh, don't do
that, it's insecure."

It's the telnet _protocol_ that lacks security features: don't blam the
servers and clients for doing what the telnet STDs say they must.


I use ssh rather than telnet, rsh, rexec etc because it's more
convenient. Mostly, I control the wire or go through a vpn I control.

< Previous Next >